Hijack This! log Please Help!



#1
nytro2413

OK, I have the LimeWire problem where it keeps opening on its own; I removed LimeWire. The Task Manager won't open either. I ran a virus scan and I'm getting a trojan, winlog.exe, and it can't be removed. Here's my HijackThis log. Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 12:15:42 PM, on 3/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
e:\program files\mcafee.com\agent\mcdetect.exe
e:\PROGRA~1\mcafee.com\vso\mcshield.exe
e:\PROGRA~1\mcafee.com\agent\mctskshd.exe
e:\PROGRA~1\mcafee.com\vso\OasClnt.exe
E:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
E:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
e:\program files\mcafee.com\vso\mcvsshld.exe
e:\progra~1\mcafee.com\vso\mcvsescn.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
E:\Program Files\outlook\outlook.exe
E:\WINDOWS\system32\winlog.exe
E:\Program Files\Microsoft AntiSpyware\gcasServ.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\D-Tools\daemon.exe
E:\WINDOWS\system32\devldr32.exe
e:\program files\mcafee.com\agent\mcagent.exe
E:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
E:\PROGRA~1\mcafee.com\mps\mscifapp.exe
E:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
E:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
E:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
E:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Documents and Settings\Nytro\Desktop\New Folder (2)\New Folder\New Folder3\utorrent-1.3.2-beta-build-401.exe
e:\progra~1\mcafee.com\vso\mcvsftsn.exe
E:\Program Files\Messenger\msmsgs.exe
e:\PROGRA~1\mcafee.com\agent\McDash.exe
e:\program files\mcafee.com\shared\mghtml.exe
e:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Documents and Settings\Nytro\Desktop\hijack this\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - e:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - e:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - e:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Mouse Gestures - {A6A49249-57AE-4295-8D4D-18A9502C7D8E} - E:\Program Files\Internet Explorer\Plugins\Drowse\MouseGestures.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - e:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [outlook] E:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [gcasServ] "E:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "E:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [McRegWiz] E:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [VSOCheckTask] "E:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] E:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] E:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] e:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] E:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] E:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] e:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] E:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] E:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [µTorrent] "C:\Documents and Settings\Nytro\Desktop\New Folder (2)\New Folder\New Folder3\utorrent-1.3.2-beta-build-401.exe"
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - e:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - e:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: (no name) - {4E660F19-E91E-41e1-88EF-D1DFAB118F67} - E:\Program Files\Internet Explorer\Plugins\Drowse\MouseGestures.dll
O9 - Extra 'Tools' menuitem: Mouse Gestures... - {4E660F19-E91E-41e1-88EF-D1DFAB118F67} - E:\Program Files\Internet Explorer\Plugins\Drowse\MouseGestures.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "E:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - e:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - e:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - e:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - E:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - E:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - E:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe

Edited by nytro2413, 05 March 2006 - 05:53 PM.
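An added example, not part of the original thread and not code from HijackThis or any tool named here: a small triage script that reads the O4 (autorun) lines of a HijackThis log and scores each startup program. The three heuristics, the `SYSTEM_NAMES` list and the edit-distance threshold are assumptions chosen for illustration; the sample lines are copied from the log above.

```python
import re
from collections import defaultdict

# O4 autorun lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [gcasServ] "E:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
'''

# Assumption: a short, non-exhaustive list of core Windows process names
# that a look-alike file name might imitate.
SYSTEM_NAMES = ["winlogon.exe", "svchost.exe", "lsass.exe", "services.exe",
                "explorer.exe", "csrss.exe", "smss.exe", "spoolsv.exe",
                "rundll32.exe"]

# "O4 - <hive>\..\<key>: [<value name>] <command>"
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.+?)\] (.+)$")


def executable_of(command):
    """Return the program part of an autorun command, honouring quoted paths."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    # Unquoted paths may contain spaces, so cut at the first ".exe".
    m = re.match(r"(.+?\.exe)\b", command, re.IGNORECASE)
    return m.group(1) if m else command.split()[0]


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def parse_o4(log_text):
    """Extract hive, key, value name and executable from every O4 registry line."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            hive, key, name, command = m.groups()
            entries.append({"hive": hive, "key": key, "name": name,
                            "exe": executable_of(command)})
    return entries


def review(entries):
    """Map each autorun executable name to the heuristics it trips."""
    findings = defaultdict(set)
    keys = defaultdict(set)
    for e in entries:
        base = re.split(r"[\\/]", e["exe"])[-1].lower()
        keys[base].add(e["hive"] + "\\" + e["key"])
        # 1. Started by bare file name, so Windows resolves it via the search path.
        if base == e["exe"].lower() and base not in SYSTEM_NAMES:
            findings[base].add("no directory given")
        # 2. Name is close to, but not equal to, a core system process name.
        for sys_name in SYSTEM_NAMES:
            if 0 < edit_distance(base, sys_name) <= 2:
                findings[base].add("resembles " + sys_name)
    # 3. The same program is registered under more than one autorun key.
    for base, where in keys.items():
        if len(where) > 1:
            findings[base].add("registered under %d autorun keys" % len(where))
    return {name: sorted(hits) for name, hits in findings.items()}


def suspects(log_text, threshold=2):
    """Names that trip at least `threshold` heuristics; one hit alone is weak."""
    report = review(parse_o4(log_text))
    return sorted(n for n, hits in report.items() if len(hits) >= threshold)


if __name__ == "__main__":
    for name, hits in review(parse_o4(SAMPLE_LOG)).items():
        print(name, "->", "; ".join(hits))
    print("review first:", suspects(SAMPLE_LOG))
```

A single hit is weak evidence: `nwiz.exe` also starts by bare file name, which is why the script only ranks entries that trip two or more checks.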



#2
nytro2413

Can anyone help?

#3
Flrman1

Hi nytro2413

Welcome to G2G!

* Click here to download Brute Force Uninstaller (bfu.zip) and save it to your C:\ drive.
  • Next you must unzip the bfu.zip file to its own folder on C:\ so that the path to it is C:\BFU.
  • The file path must be C:\BFU for the removal to work.
* Next download the alcanshorty.bfu script and save it to the C:\BFU folder.
  • RIGHT-CLICK HERE and choose "Save As" (in Internet Explorer it's "Save Target As") to download alcanshorty.bfu.
  • Save it in the C:\BFU folder you made earlier
  • Start the Brute Force Uninstaller by double-clicking BFU.exe in the C:\BFU folder.
  • In the scriptline to execute copy and paste this line:

    c:\bfu\alcanshorty.bfu

  • Press execute and let it run.
  • Wait for the complete script execution box to popup and press OK.
  • Press exit to terminate the BFU program.

* Download the trial version of Ewido Security Suite here.
  • Install ewido.
  • During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • Launch ewido
  • It will prompt you to update; click the OK button and it will go to the main screen.
  • On the left side of the main screen click update
  • Click on Start and let it update.
  • DO NOT run a scan yet. You will do that later in safe mode.
* Click here for info on how to boot to safe mode if you don't already know how.


* Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.


* Restart your computer into safe mode now. Perform the following steps in safe mode:


* Run Ewido:
  • Click on scanner
  • Click Complete System Scan and the scan will begin.
  • During the scan it will prompt you to clean files, click OK
  • When the scan is finished, look at the bottom of the screen and click the Save report button.
  • Save the report to your desktop

* Restart back into Windows normally now.


* Come back here and post a new HijackThis log, as well as the log from the Ewido scan.

#4
nytro2413

OK, Task Manager works now, but I don't know if it's fixed, so I'll still post the logs.

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 12:32:39 AM, 3/6/2006
+ Report-Checksum: 8CC101CB

+ Scan result:

C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.247realmedia : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][1].txt -> TrackingCookie.Clickhype : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][1].txt -> TrackingCookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][1].txt -> TrackingCookie.Adrevolver : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Realcastmedia : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][1].txt -> TrackingCookie.Valuead : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Adtech : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][1].txt -> TrackingCookie.Bfast : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Counted : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][1].txt -> TrackingCookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][1].txt -> TrackingCookie.Enhance : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][1].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Centrport : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][1].txt -> TrackingCookie.Clickagents : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Hitslink : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][1].txt -> TrackingCookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][1].txt -> TrackingCookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][1].txt -> TrackingCookie.Casinopays : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Sexcounter : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][1].txt -> TrackingCookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\nytro[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][1].txt -> TrackingCookie.Hotlog : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Hypertracker : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][1].txt -> TrackingCookie.Masterstats : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][1].txt -> TrackingCookie.Ivwbox : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][1].txt -> TrackingCookie.Linksynergy : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][1].txt -> TrackingCookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][1].txt -> TrackingCookie.Valuead : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][1].txt -> TrackingCookie.Pro-market : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Realtracker : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][1].txt -> TrackingCookie.Qksrv : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][1].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Valuead : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][1].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][1].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][1].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected]ving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Onestat : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][1].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][1].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][1].txt -> TrackingCookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][1].txt -> TrackingCookie.Targetnet : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][1].txt -> TrackingCookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][1].txt -> TrackingCookie.Trafic : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Valuead : Cleaned with backup
C:\Documents and Settings\Nytro\Cookies\[email protected][2].txt -> TrackingCookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Nytro\Local Settings\Temporary Internet Files\Content.IE5\73X7V50S\HangStanTriviaSetup-dm[1].exe -> Adware.Trymedia : Cleaned with backup
C:\Downloads\HangStanTriviaSetup-dm[1].exe -> Adware.Trymedia : Cleaned with backup
C:\Program Files\BPK\bpkun.exe -> Not-A-Virus.Monitor.Win32.Perflogger.an : Cleaned with backup
C:\Program Files\BPK\bpkvw.exe -> Not-A-Virus.Monitor.Win32.Perflogger.aq : Cleaned with backup
E:\Program Files\outlook\outlook.exe -> Worm.VB.dw : Cleaned with backup
E:\Program Files\outlook\p.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
E:\Program Files\outlook\v.tmp -> Worm.VB.dw : Cleaned with backup
E:\WINDOWS\system32\winlog.exe -> Backdoor.Rbot : Cleaned with backup


::Report End

Logfile of HijackThis v1.99.1
Scan saved at 12:55:12 AM, on 3/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
E:\Program Files\Microsoft AntiSpyware\gcasServ.exe
E:\Program Files\D-Tools\daemon.exe
E:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe
E:\Program Files\McAfee.com\VSO\mcvsshld.exe
e:\progra~1\mcafee.com\vso\mcvsescn.exe
e:\program files\mcafee.com\agent\mcagent.exe
E:\Program Files\McAfee.com\VSO\oasclnt.exe
E:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
E:\PROGRA~1\mcafee.com\mps\mscifapp.exe
E:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
E:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
E:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
E:\WINDOWS\system32\devldr32.exe
E:\Program Files\ewido anti-malware\ewidoctrl.exe
e:\program files\mcafee.com\agent\mcdetect.exe
e:\PROGRA~1\mcafee.com\vso\mcshield.exe
e:\PROGRA~1\mcafee.com\agent\mctskshd.exe
E:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
E:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
E:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Documents and Settings\Nytro\Desktop\New Folder (2)\New Folder\New Folder3\utorrent-1.3.2-beta-build-401.exe
E:\Program Files\Messenger\msmsgs.exe
e:\progra~1\mcafee.com\vso\mcvsftsn.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Documents and Settings\Nytro\Desktop\hijack this\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - e:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - e:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - e:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Mouse Gestures - {A6A49249-57AE-4295-8D4D-18A9502C7D8E} - E:\Program Files\Internet Explorer\Plugins\Drowse\MouseGestures.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - e:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [outlook] E:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [gcasServ] "E:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "E:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [McRegWiz] E:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [VSOCheckTask] "E:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] E:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] E:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] e:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] e:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] E:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] e:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] E:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] E:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [µTorrent] "C:\Documents and Settings\Nytro\Desktop\New Folder (2)\New Folder\New Folder3\utorrent-1.3.2-beta-build-401.exe"
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - e:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - e:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: (no name) - {4E660F19-E91E-41e1-88EF-D1DFAB118F67} - E:\Program Files\Internet Explorer\Plugins\Drowse\MouseGestures.dll
O9 - Extra 'Tools' menuitem: Mouse Gestures... - {4E660F19-E91E-41e1-88EF-D1DFAB118F67} - E:\Program Files\Internet Explorer\Plugins\Drowse\MouseGestures.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "E:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ewido security suite control - ewido networks - E:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - e:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - e:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - e:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - E:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - E:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - E:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe

#5
Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
* Run ActiveScan online virus scan here

When the scan is finished, save the results from the scan!

Post a new HiJackThis log along with the results from ActiveScan

#6
nytro2413

    Member

  • Topic Starter
  • 16 posts
Here are the new scans.



Incident Status Location

Potentially unwanted tool:Application/Eblaster Not disinfected C:\RECYCLER\S-1-5-21-1715567821-789336058-839522115-1003\Dc825.1082(2)\setup.exe

Logfile of HijackThis v1.99.1
Scan saved at 10:04:55 PM, on 3/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
E:\Program Files\Microsoft AntiSpyware\gcasServ.exe
E:\Program Files\D-Tools\daemon.exe
E:\Program Files\McAfee.com\VSO\mcvsshld.exe
e:\progra~1\mcafee.com\vso\mcvsescn.exe
e:\program files\mcafee.com\agent\mcagent.exe
E:\Program Files\McAfee.com\VSO\oasclnt.exe
E:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
E:\PROGRA~1\mcafee.com\mps\mscifapp.exe
E:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
E:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
E:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
E:\WINDOWS\system32\devldr32.exe
E:\Program Files\ewido anti-malware\ewidoctrl.exe
e:\program files\mcafee.com\agent\mcdetect.exe
e:\PROGRA~1\mcafee.com\vso\mcshield.exe
e:\PROGRA~1\mcafee.com\agent\mctskshd.exe
E:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
E:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
E:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Documents and Settings\Nytro\Desktop\New Folder (2)\New Folder\New Folder3\utorrent-1.3.2-beta-build-401.exe
E:\Program Files\Messenger\msmsgs.exe
e:\progra~1\mcafee.com\vso\mcvsftsn.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Documents and Settings\Nytro\Desktop\hijack this\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - e:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - e:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - e:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Mouse Gestures - {A6A49249-57AE-4295-8D4D-18A9502C7D8E} - E:\Program Files\Internet Explorer\Plugins\Drowse\MouseGestures.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - e:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [outlook] E:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [gcasServ] "E:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "E:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [VSOCheckTask] "E:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] E:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] E:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] e:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] e:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] E:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] e:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] E:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] E:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MCAFInstaller_mpfins.ui] E:\WINDOWS\TEMP\mcu1A.tmp\MCAPPINS.exe /v=3 /start=mpfins.ui::default.htm
O4 - HKLM\..\Run: [MCAFInstaller_mpsins.ui] E:\WINDOWS\TEMP\mcu2D.tmp\MCAPPINS.exe /v=3 /start=mpsins.ui::default.htm
O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [µTorrent] "C:\Documents and Settings\Nytro\Desktop\New Folder (2)\New Folder\New Folder3\utorrent-1.3.2-beta-build-401.exe"
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - e:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - e:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: (no name) - {4E660F19-E91E-41e1-88EF-D1DFAB118F67} - E:\Program Files\Internet Explorer\Plugins\Drowse\MouseGestures.dll
O9 - Extra 'Tools' menuitem: Mouse Gestures... - {4E660F19-E91E-41e1-88EF-D1DFAB118F67} - E:\Program Files\Internet Explorer\Plugins\Drowse\MouseGestures.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "E:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ewido security suite control - ewido networks - E:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - e:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - e:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - e:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - E:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - E:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - E:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe

#7
Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
* Click here to download ATF Cleaner by Atribune and save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
  • If you use Firefox:
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
    • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera:
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.
    • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.

* Click Here and download Killbox and save it to your desktop.


* Click here for info on how to boot to safe mode if you don't already know how.


* Now copy these instructions to notepad and save them to your desktop. You will need them to refer to.


** Before you proceed with the removal directions below you need to turn off MS Anti-Spyware's realtime protection as it will interfere with the changes we are trying to make.
  • Open MS Anti-Spyware and click on Options > Settings.
  • Click on "Realtime Protection" in the left pane.
  • Remove the check by these:
    • Enable the Microsoft Security Agents on startup (recommended)
    • Enable real-time spyware threat protection (recommended)
  • Click "Save"
  • Now right click the MS Anti-spyware icon in your system tray and choose "Shutdown Microsoft Anti-Spyware"
  • Leave it disabled until we are finished here.

* Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"

O4 - HKLM\..\Run: [outlook] E:\Program Files\outlook\outlook.exe /auto


* Restart your computer into safe mode now. Perform the following steps in safe mode:


* Double-click on Killbox.exe to run it.
  • Put a tick by Standard File Kill.
  • In the "Full Path of File to Delete" box, copy and paste the following line:

    E:\Program Files\outlook

  • Click on the button that has the red circle with the X in the middle.
  • It will ask for confirmation to delete the file.
  • Click Yes.
  • Exit the Killbox.

* Restart back into Windows normally now.


* Run Kaspersky online virus scan here.

When given the option, choose the "Extended database" for the scan.

When the scan is finished, Save the results from the scan!

Post a new HiJackThis log along with the results from Kaspersky scan
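The O4 entry fixed in the steps above launches a file that the scan report earlier in this thread flagged as Worm.VB.dw. The following is an added example, not part of the original posts, that cross-checks HijackThis O4 Run lines against scanner detections; the sample lines are copied from the logs in this thread and the function names are hypothetical. Paths are compared textually, so 8.3 short names such as PROGRA~1 are not expanded.

```python
import ntpath
import re

# Excerpts copied from the logs posted in this thread.
HJT_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [outlook] E:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [gcasServ] "E:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [MCAgentExe] e:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
"""
SCAN_REPORT = r"""
E:\Program Files\outlook\outlook.exe -> Worm.VB.dw : Cleaned with backup
E:\Program Files\outlook\p.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
E:\WINDOWS\system32\winlog.exe -> Backdoor.Rbot : Cleaned with backup
"""

# "O4 - HKLM\..\Run: [value name] command line" (registry Run keys only).
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")
# "path -> detection name : action taken"
DETECTION_RE = re.compile(r"^(.+?) -> (\S+) : (.+)$")
# Shortest prefix ending in an executable extension that is followed by
# whitespace, a comma or end of string. The lookahead keeps directory names
# such as "mcafee.com\" from being mistaken for a .com file.
IMAGE_RE = re.compile(r"^(.+?\.(?:exe|dll|com|bat|cmd|scr|pif))(?=[\s,]|$)", re.I)


def norm(path):
    """Case-fold and normalise separators; Windows paths are case-insensitive."""
    return ntpath.normcase(ntpath.normpath(path.strip()))


def image_path(command):
    """Return the file a Run value actually executes (quoted or unquoted)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        if end == -1:  # unbalanced quote: treat the rest as the path
            end = len(command)
        image, rest = command[1:end], command[end + 1:]
    else:
        m = IMAGE_RE.match(command)
        if not m:
            return command
        image, rest = m.group(1), command[m.end():]
    # rundll32 is only a host process: the code that runs is the DLL after it.
    if ntpath.basename(image).lower() == "rundll32.exe":
        m = IMAGE_RE.match(rest.strip())
        if m:
            return m.group(1)
    return image


def parse_autoruns(log):
    """Yield one dict per O4 registry Run line in a HijackThis log."""
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            hive, key, name, command = m.groups()
            yield {"hive": hive, "key": key, "name": name,
                   "image": image_path(command)}


def parse_detections(report):
    """Map normalised file path -> detection name from the scanner report."""
    found = {}
    for line in report.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            path, threat, _action = m.groups()
            # Archive members appear as container/member; key on the container.
            found[norm(path.split("/", 1)[0])] = threat
    return found


def flag_autoruns(log, report):
    """Return (value name, image, detection) for autoruns launching a flagged file."""
    detections = parse_detections(report)
    hits = []
    for entry in parse_autoruns(log):
        threat = detections.get(norm(entry["image"]))
        if threat:
            hits.append((entry["name"], entry["image"], threat))
    return hits


if __name__ == "__main__":
    for name, image, threat in flag_autoruns(HJT_LOG, SCAN_REPORT):
        print(f"Run value [{name}] still launches {image} ({threat})")
```

A detection that was "cleaned" by the scanner can still have its Run value registered, which is why the registry entry and the folder are handled as separate steps.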

#8
nytro2413

    Member

  • Topic Starter
  • 16 posts
Logfile of HijackThis v1.99.1
Scan saved at 2:00:00 PM, on 3/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
E:\Program Files\D-Tools\daemon.exe
E:\Program Files\McAfee.com\VSO\mcvsshld.exe
e:\progra~1\mcafee.com\vso\mcvsescn.exe
E:\Program Files\McAfee.com\VSO\oasclnt.exe
E:\WINDOWS\system32\devldr32.exe
E:\Program Files\ewido anti-malware\ewidoctrl.exe
e:\program files\mcafee.com\agent\mcdetect.exe
e:\PROGRA~1\mcafee.com\vso\mcshield.exe
E:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
e:\PROGRA~1\mcafee.com\agent\mctskshd.exe
E:\PROGRA~1\mcafee.com\mps\mscifapp.exe
E:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
E:\Program Files\MSN Messenger\MsnMsgr.Exe
E:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
E:\Program Files\Messenger\msmsgs.exe
E:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
E:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
e:\progra~1\mcafee.com\vso\mcvsftsn.exe
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\System32\svchost.exe
E:\Documents and Settings\Nytro\Desktop\hijack this\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - e:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - e:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - e:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Mouse Gestures - {A6A49249-57AE-4295-8D4D-18A9502C7D8E} - E:\Program Files\Internet Explorer\Plugins\Drowse\MouseGestures.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - e:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "E:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "E:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [VSOCheckTask] "E:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] E:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] E:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] e:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] e:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] E:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] e:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] E:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] E:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MCAFInstaller_mpfins.ui] E:\WINDOWS\TEMP\mcu1A.tmp\MCAPPINS.exe /v=3 /start=mpfins.ui::default.htm
O4 - HKLM\..\Run: [MCAFInstaller_mpsins.ui] E:\WINDOWS\TEMP\mcu2D.tmp\MCAPPINS.exe /v=3 /start=mpsins.ui::default.htm
O4 - HKLM\..\Run: [CleanUp] E:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
O4 - HKLM\..\RunOnce: [mctskshd.exe] e:\PROGRA~1\mcafee.com\agent\mctskshd.exe -regserver
O4 - HKLM\..\RunOnce: [mcdetect.exe] e:\PROGRA~1\mcafee.com\agent\mcdetect.exe -regserver
O4 - HKLM\..\RunOnce: [mskping.dll] rundll32.exe advpack.dll,RegisterOCX e:\PROGRA~1\mcafee\SPAMKI~1\mskping.dll
O4 - HKLM\..\RunOnce: [mcapfbho.dll] rundll32.exe advpack.dll,RegisterOCX e:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O4 - HKLM\..\RunOnce: [MSKSrvr.exe] E:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe /regserver
O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [µTorrent] "C:\Documents and Settings\Nytro\Desktop\New Folder (2)\New Folder\New Folder3\utorrent-1.3.2-beta-build-401.exe"
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - e:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - e:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: (no name) - {4E660F19-E91E-41e1-88EF-D1DFAB118F67} - E:\Program Files\Internet Explorer\Plugins\Drowse\MouseGestures.dll
O9 - Extra 'Tools' menuitem: Mouse Gestures... - {4E660F19-E91E-41e1-88EF-D1DFAB118F67} - E:\Program Files\Internet Explorer\Plugins\Drowse\MouseGestures.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "E:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ewido security suite control - ewido networks - E:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - e:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - e:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - e:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - E:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - E:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - E:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe

Infected Object Name Virus Name Last Action
C:\RECYCLER\S-1-5-21-1715567821-789336058-839522115-1003\Dc824.exe/bpkwb.dll Infected: Trojan-Spy.Win32.Perfloger.i skipped

C:\RECYCLER\S-1-5-21-1715567821-789336058-839522115-1003\Dc824.exe/rinst.exe Infected: Trojan-Spy.Win32.Perfloger.l skipped

C:\RECYCLER\S-1-5-21-1715567821-789336058-839522115-1003\Dc824.exe RAR: infected - 2 skipped

C:\RECYCLER\S-1-5-21-1715567821-789336058-839522115-1003\Dc824.exe RapSFX: infected - 2 skipped

C:\System Volume Information\_restore{9FF06C15-61F0-4448-A027-533D9433D656}\RP22\A0003911.exe/bpkwb.dll Infected: Trojan-Spy.Win32.Perfloger.i skipped

C:\System Volume Information\_restore{9FF06C15-61F0-4448-A027-533D9433D656}\RP22\A0003911.exe/bpkr.exe Infected: Trojan-Spy.Win32.Perfloger.l skipped

C:\System Volume Information\_restore{9FF06C15-61F0-4448-A027-533D9433D656}\RP22\A0003911.exe RAR: infected - 2 skipped

E:\System Volume Information\_restore{9FF06C15-61F0-4448-A027-533D9433D656}\RP22\A0003894.exe Infected: P2P-Worm.Win32.VB.dw skipped

E:\System Volume Information\_restore{9FF06C15-61F0-4448-A027-533D9433D656}\RP22\A0003937.exe Infected: P2P-Worm.Win32.VB.dw skipped

E:\System Volume Information\_restore{9FF06C15-61F0-4448-A027-533D9433D656}\RP22\A0003938.exe Infected: Backdoor.Win32.Rbot.gen skipped
  • 0

#9
Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
* Double-click on Killbox.exe to run it.
  • Put a tick by Delete on Reboot.
  • In the "Full Path of File to Delete" box, copy and paste the following line:

    C:\RECYCLER\S-1-5-21-1715567821-789336058-839522115-1003\Dc824.exe

  • Click on the button that has the red circle with the X in the middle.
  • It will ask for confirmation to delete the file on next reboot and ask you if you want to reboot now.
  • Click Yes and let the computer reboot.
* After it reboots, open Hijack This and click on the "Open the Misc Tools section" button. Click on the "Open Uninstall Manager" button. Click the "Save List" button. Copy and paste that list here.

How is everything now?
  • 0

#10
nytro2413

    Member

  • Topic Starter
  • Member
  • 16 posts
I can access the Task Manager now, so that's good. I don't know about LimeWire because I uninstalled it, but when I open Internet windows I seem to get a lot of "page unavailable" errors, but that could be the page or my ISP, not sure. Other than that, everything seems OK. Thanks for all the help.

Adobe Download Manager 2.0 (Remove Only)
Adobe Reader 7.0.7
Codec Pack - All In 1 6.0.3.0
DAEMON Tools
ewido anti-malware
HijackThis 1.99.1
J2SE Runtime Environment 5.0 Update 6
Kaspersky On-line Scanner
KC Softwares VideoInspector
Macromedia Flash Player 8
McAfee Uninstall Wizard
Microsoft AntiSpyware
Mouse Gestures for Internet Explorer 1.1.0.2
MSN Messenger 7.5
NVIDIA Drivers
Panda ActiveScan
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB910437)
Windows Installer 3.1 (KB893803)
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver

Logfile of HijackThis v1.99.1
Scan saved at 7:28:24 PM, on 3/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\ewido anti-malware\ewidoctrl.exe
e:\program files\mcafee.com\agent\mcdetect.exe
e:\PROGRA~1\mcafee.com\vso\mcshield.exe
e:\PROGRA~1\mcafee.com\agent\mctskshd.exe
e:\PROGRA~1\mcafee.com\vso\OasClnt.exe
E:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
E:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
e:\program files\mcafee.com\vso\mcvsshld.exe
e:\progra~1\mcafee.com\vso\mcvsescn.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
E:\Program Files\D-Tools\daemon.exe
E:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
e:\program files\mcafee.com\agent\mcagent.exe
E:\WINDOWS\system32\devldr32.exe
E:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
E:\PROGRA~1\mcafee.com\mps\mscifapp.exe
E:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\MSN Messenger\MsnMsgr.Exe
E:\Program Files\Messenger\msmsgs.exe
e:\progra~1\mcafee.com\vso\mcvsftsn.exe
E:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
E:\Program Files\Microsoft AntiSpyware\gcasServ.exe
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Documents and Settings\Nytro\Desktop\hijack this\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - e:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - e:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - e:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Mouse Gestures - {A6A49249-57AE-4295-8D4D-18A9502C7D8E} - E:\Program Files\Internet Explorer\Plugins\Drowse\MouseGestures.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - e:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "E:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "E:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [VSOCheckTask] "E:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] E:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] E:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] e:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] E:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] E:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] e:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] E:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] E:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MCAFInstaller_mpsins.ui] E:\WINDOWS\TEMP\mcu2D.tmp\MCAPPINS.exe /v=3 /start=mpsins.ui::default.htm
O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [µTorrent] "C:\Documents and Settings\Nytro\Desktop\New Folder (2)\New Folder\New Folder3\utorrent-1.3.2-beta-build-401.exe"
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - e:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - e:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra button: (no name) - {4E660F19-E91E-41e1-88EF-D1DFAB118F67} - E:\Program Files\Internet Explorer\Plugins\Drowse\MouseGestures.dll
O9 - Extra 'Tools' menuitem: Mouse Gestures... - {4E660F19-E91E-41e1-88EF-D1DFAB118F67} - E:\Program Files\Internet Explorer\Plugins\Drowse\MouseGestures.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "E:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ewido security suite control - ewido networks - E:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - e:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - e:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - e:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - E:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - E:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - E:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
  • 0

#11
Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
It looks like everything is clean.

* Check this out for info on how to tighten your security settings and some good free tools to help prevent this from happening again.


* Go to Windows update and install all "High Priority Updates".


* Now turn off System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Restart your computer, turn System Restore back on and create a restore point.

To create a restore point:

Single-click Start and point to All Programs.
Mouse over Accessories, then System Tools, and select System Restore.
In the System Restore wizard, select the box next to the text labeled "Create a restore point" and click the Next button.
Type a description for your new restore point. Something like "After trojan/spyware cleanup". Click Create and you're done.


* Here are some routine maintenance practices that you should do on a regular basis to keep your machine running efficiently:

Disk Cleanup:

http://www.theelderg...nup_utility.htm

Defrag your HD:

http://artsweb.bham....rag-win2kxp.htm

Run chkdsk:

To use Chkdsk, click Start and My Computer. Right-click the hard drive you want to check, and click Properties. Select the Tools tab and click Check Now. Check both boxes. Click Start. You'll get a message that the computer must be rebooted to run a complete check. Click Yes and reboot. Chkdsk will take a while, so run it when you don't need to use the computer for something else.

Remove unnecessary startups

This should be done through the System Configuration Utility. Go to Start > Run and type in msconfig.
Click OK or hit the Enter key.

Click on the "Startup" tab and remove the check by the items that you have determined are unnecessary. Click "Apply" then "Close".

You will be prompted to restart. Go ahead and restart.

Upon restart you will be confronted with a dialogue box warning about running in selective startup. Just ignore that message and put a check in the box by "Don't show me this message or launch the System Configuration Utility when Windows starts" and click "OK". You will not be bothered by the message again.

Keep in mind that some entries will be re-enabled in the startups each time you use that particular program. Therefore, you will have to find the option in that program's preferences that says something like "Load with Windows" or "Run when Windows Starts" and disable that option.

Go here for info on msconfig:

http://www.pacs-port...artup_index.htm

You can look up the startups at the following links to help determine what is needed and what is not:

http://computercops....tartupList.html

http://www.bleepingc...r.com/startups/

http://www.answersth...es/tasklist.htm

http://www.windowsst...start=50&end=75


* I recommend that you go ahead and disable these from starting up with Windows via msconfig:

Before you do this, you need to turn off MS Anti-Spyware's realtime protection as it will interfere with the changes we are trying to make.

NvCplDaemon RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup

nwiz nwiz.exe /install

NvMediaCenter RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

SunJavaUpdateSched E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

DAEMON Tools-1033 E:\Program Files\D-Tools\daemon.exe -lang 1033

MsnMsgr "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

µTorrent "C:\Documents and Settings\Nytro\Desktop\New Folder (2)\New Folder\New Folder3\utorrent-1.3.2-beta-build-401.exe"

MSMSGS "E:\Program Files\Messenger\msmsgs.exe" /background


Adobe Reader Speed Launch E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe



In order to keep MSN Messenger and Windows Messenger from loading at startup you need to disable the option in the preferences.

In MSN Messenger, go to Tools > Options and uncheck "Run this program when Windows starts" on the Preferences tab.

In Outlook Express, go to Tools > Options > General tab and uncheck the option to "Automatically log on to Windows Messenger".

Also in Outlook Express, go to View > Layout and uncheck the option to display Contacts. The program will open a connection and display a list of all Contacts on line if you do not.

This same process applies to Windows Messenger as well so disable the option to start it with Windows the same way.
  • 0
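
The Kaspersky results posted in #8 line up with the two cleanup steps used in this thread: deleting the file under RECYCLER, then resetting System Restore, which discards the copies held in restore points. The Python sketch below is an added example, not part of any post; its function names and the "live" category are assumptions of the example, and the sample lines are copied from the scan results above.

```python
import re
from collections import OrderedDict

# Sample lines copied from the Kaspersky results posted earlier in the thread.
REPORT = r"""
C:\RECYCLER\S-1-5-21-1715567821-789336058-839522115-1003\Dc824.exe/bpkwb.dll Infected: Trojan-Spy.Win32.Perfloger.i skipped
C:\RECYCLER\S-1-5-21-1715567821-789336058-839522115-1003\Dc824.exe/rinst.exe Infected: Trojan-Spy.Win32.Perfloger.l skipped
C:\RECYCLER\S-1-5-21-1715567821-789336058-839522115-1003\Dc824.exe RAR: infected - 2 skipped
C:\System Volume Information\_restore{9FF06C15-61F0-4448-A027-533D9433D656}\RP22\A0003911.exe/bpkwb.dll Infected: Trojan-Spy.Win32.Perfloger.i skipped
C:\System Volume Information\_restore{9FF06C15-61F0-4448-A027-533D9433D656}\RP22\A0003911.exe RAR: infected - 2 skipped
E:\System Volume Information\_restore{9FF06C15-61F0-4448-A027-533D9433D656}\RP22\A0003894.exe Infected: P2P-Worm.Win32.VB.dw skipped
E:\System Volume Information\_restore{9FF06C15-61F0-4448-A027-533D9433D656}\RP22\A0003938.exe Infected: Backdoor.Win32.Rbot.gen skipped
"""

# "<path>[/<archive member>] Infected: <name> <action>" or
# "<path> <packer>: infected - <count> <action>" (per-container summary line).
LINE = re.compile(
    r"^(?P<path>.+?) "
    r"(?:Infected: (?P<name>\S+)|(?P<packer>\w+): infected - (?P<count>\d+)) "
    r"(?P<action>\w+)$"
)
RESTORE = re.compile(
    r"^[A-Za-z]:\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP\d+\\", re.I)
RECYCLER = re.compile(r"^[A-Za-z]:\\RECYCLER\\S-1-[\d-]+\\", re.I)

# Steps as given in the thread; "live" is this example's label for anything else.
STEPS = {
    "restore_point": "turn System Restore off, restart, turn it back on, "
                     "create a new restore point",
    "recycle_bin": "delete the file itself (the thread used Killbox, Delete on Reboot)",
    "live": "outside both locations; needs its own removal step",
}

def locate(path):
    """Classify where on disk a detected file sits."""
    if RESTORE.match(path):
        return "restore_point"
    if RECYCLER.match(path):
        return "recycle_bin"
    return "live"

def triage(report):
    """Group detections by outer file and attach the matching cleanup step."""
    plan = OrderedDict()
    for raw in report.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        # Windows paths use backslashes, so "/" marks a member inside an archive.
        outer, _, member = m["path"].partition("/")
        entry = plan.setdefault(
            outer, {"location": locate(outer), "names": set(), "members": []})
        if m["name"]:                      # summary lines carry no detection name
            entry["names"].add(m["name"])
            if member:
                entry["members"].append(member)
    for entry in plan.values():
        entry["step"] = STEPS[entry["location"]]
    return plan

if __name__ == "__main__":
    for path, e in triage(REPORT).items():
        print(f"{e['location']:13} {path}\n    {sorted(e['names'])}\n    -> {e['step']}")
```
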





